software architect. dweller of the shell. gardener of git trees. FLOSS evangelist. today is a good day to build better software and a better version of me.EN/PT
É inaceitável que a família Bolsonaro, com o seu entreguismo, queira submeter o Brasil aos interesses dos Estados Unidos, como fica claro no documento enviado hoje por um de seus integrantes ao governo norte-americano.
Nós sempre vamos dialogar de igual pra igual com qualquer nação do mundo.
Pedir que o tarifaço contra o nosso país seja adiado para depois das eleições é mais uma atitude de traidores da Pátria. Nunca houve e não há qualquer justificativa para tarifaço agora ou depois.
O mais absurdo é saber que a origem disso tudo foi motivada pela própria família Bolsonaro que defendeu publicamente o aumento de tarifas contra os produtos brasileiros.
Defender o fim do Mercosul, o bloco econômico mais importante da América Latina e que acaba de firmar um acordo histórico com a União Europeia, é outro ataque ao interesse do povo brasileiro.
Como se não bastasse, querem entregar o Pix a interesses estrangeiros. Não vão conseguir. O Pix é uma conquista do Brasil e não vamos abrir mão dele.
Nossa Pátria não está à venda. Nossa soberania é inegociável. O Brasil é dos brasileiros.
AWS forking Elasticsearch might be the biggest theft in open source history.
Elasticsearch was open source from day one. AWS launched a managed version of it in 2015 and made serious money running it for customers without ever paying Elastic a cent for the privilege.
In January 2021, Elastic had enough. They ripped out the open source license entirely and replaced it with one specifically designed to block AWS from offering it as a service.
At that time, Elastic's CEO (Shay Banon) did not hide the intent. He said the change was aimed squarely at companies taking their software and selling it without collaborating with them.
AWS did not negotiate. AWS did not wait.
They forked the last fully open source version of Elasticsearch, stripped out everything that violated the license, and shipped it as a new project called OpenSearch in just a few months.
SAP backed it. Red Hat backed it. Capital One backed it. Dozens of companies that relied on AWS jumped in immediately.
Elastic sued AWS over the name. The lawsuit dragged on for years. Elastic's stock took a hit that it never fully recovered from.
A trillion-dollar cloud giant took a company's own product, built a community around it faster than the original company could react, and walked away with the upper hand.
Then in 2024, three years after starting the fight, Elastic quietly went back to open source licensing.
They had already lost.
AWS handed OpenSearch over to the Linux Foundation that same year. It is now governed by AWS, SAP, Uber and a community that owes Elastic nothing.
Elastic built the product. AWS built the empire on top of it.
A guy who was the number one ranked machine learning competitor on Earth, twice, looked at how universities teach AI and decided they had the entire thing backwards.
So he built a free course that has turned more people into working AI practitioners than most graduate programs.
Jeremy Howard was the guy who made the course and it is called Practical Deep Learning for Coders.
Here is the argument that drives the whole thing.
Universities teach AI top-down. First you sit through linear algebra. Then calculus. Then probability. Then, maybe, a year later, you are finally allowed to touch a model. Howard watched this approach destroy motivated people. Most never made it to the part where it gets interesting. The math wall killed them first.
He thinks that is exactly wrong. His view is that you do not teach someone baseball by drilling the physics of a curveball for a year before letting them hold a bat. You let them play, then explain the physics once they care.
So his course inverts it. In the very first lesson, before any heavy theory, you train a working image classifier that actually runs. You build something real on day one. The theory comes later, pulled in piece by piece, exactly when you finally need it to go deeper.
Harvard Business Review said fast AI can take motivated students all the way to building industrial-grade AI systems.
The whole course is free. No paywall, no signup tricks.
It assumes you can code a little and remember some high school math. That's the bar.
The people who actually break into AI almost never start with the equations.
https://t.co/ea9S8yk1Cl
400+ AUR Packages Compromised with Infostealer and Rootkit
Arch users: review the list of affected packages and use this script to check your exposure: aur_check.sh https://t.co/8dFhMCyfVi
https://t.co/DR5q3CjIov
Hey @dhh , take a look at this.
🚨🇫🇷🇪🇺 This is big: the French government and agencies are officially getting out of Windows & non-EU tech.
Each ministry has to present their exit plan before Autumn: collaboration tools, antivirus, AI, databases..
It's starting with the Digital Ministry dropping Windows for Linux across its own infrastructure.
It's the latest step from France to reduce its tech dependency as much as possible. Previously:
> 80,000 French social security agents migrating to sovereign tools: Tchap, Visio, FranceTransfert.
> the national health data platform moving to a European cloud solution by end of 2026.
There will also be a dependency mapping across all public procurement, and a definition of what counts as a "European digital service" (which could be followed by other EU states as well)
This is coming from the Prime Minister's initiative, signed off by three ministers.
They call this move #GAFAMdetox
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Interessante port de C++ para Rust feito com IA; embora o autor não diga exatamente como foi feito, ele revisou tudo, checou bytecode gerado, fez revisão manual e, mais importante IMHO, executou uma suíte de testes igual nas duas bases de código
https://t.co/Wg3ZEoP07c
The creator of Openclaw (formerly Moltbot, formerly Clawdbot) said he ships code he doesn't read.
What do you think? Do you do the same?
Is the software craftsman dead?
https://t.co/YCGQzmxVho
@MuseeLouvre I can't create an account on https://t.co/nzWb3xsqw2 because I'm not receiving the email with the verification code. I've checked the spam folder and if the email address is correct.
Depois de meses sem entrar no twitter vejo que isso aqui virou uma mistura de demasiados anúncios sem sentido, além de um algoritmo de sugestão de tweets focado em conteúdo da extrema direita, com os quais nunca manifestei interesse.
Did you know that an FSF associate membership funds the certification of free hardware to help you choose a device that respects your freedom? https://t.co/YpXq68Cpnj #BecomeAnFSFAssociateMember
@victorcamejo@RodrigooMarques@victorcamejo você é um comediante culto, não deveria dar ouvidos a alguém que manda "pobre apostar" e se gaba de que não é a família dele que vai enfrentar os problemas https://t.co/EeDy2Bnyvp
Attention! We see multiple IPs testing PHP/PHP-CGI CVE-2024-4577 (Argument Injection Vulnerability) against our honeypot sensors starting today, June 7th. Vulnerability affects PHP running on Windows.
Patches released June 6th: https://t.co/jM5HgGUZJF
Exploit PoC is public.